18.1 Features: SQL Injection Detection

A small feature that could have a huge impact on your code – we try to make sure you know your PL/SQL might be vulnerable.

SQL Injection is a very well known security risk in the database world. Nefarious people could ‘inject’ SQL into the code you’re about to execute via some sort of user input you make available to them.

We even talk about this in the Oracle Database Docs and provide some examples of what it looks like and how to avoid it.

We thought it would be good to beef up our Code Insight feature to mark up any suspicious looking PL/SQL you have in an editor.

So what do we do?

First, this is just a warning. We’re looking at your code, but we don’t know how you’re using it. You do, so it’s possible we might have a false positive. If, however, you think there’s something there, make sure to read up on the ‘Guarding Against SQL Injection’ section of the Oracle Docs.
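To make the warning concrete, here is an added example (not code from the post or from SQL Developer itself) of the kind of PL/SQL that concatenates user input into dynamic SQL, beside two versions that do not. The `employees` table, its columns, and the function names are assumptions made for the illustration.

```sql
-- Constructed example, not from the original post.
-- Table, columns and function names are assumed for illustration.

-- Suspicious: p_name is concatenated into the statement text.
-- A single quote inside p_name ends the literal early and whatever
-- follows it is parsed as SQL, so the input is no longer just data.
CREATE OR REPLACE FUNCTION get_salary_unsafe (p_name IN VARCHAR2)
  RETURN NUMBER
IS
  l_sql    VARCHAR2(4000);
  l_salary NUMBER;
BEGIN
  l_sql := 'SELECT salary FROM employees WHERE last_name = '''
           || p_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_salary;
  RETURN l_salary;
END;
/

-- Hardened: the input travels as a bind variable. The statement text
-- is fixed, so the value is always treated as data, never as SQL.
CREATE OR REPLACE FUNCTION get_salary_safe (p_name IN VARCHAR2)
  RETURN NUMBER
IS
  l_salary NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT salary FROM employees WHERE last_name = :name'
    INTO l_salary
    USING p_name;
  RETURN l_salary;
END;
/

-- When the caller supplies an identifier (a table name) rather than a
-- value, a bind variable cannot be used. Validate it with DBMS_ASSERT
-- instead of concatenating it raw; an invalid name raises ORA-44003.
CREATE OR REPLACE FUNCTION count_rows_safe (p_table IN VARCHAR2)
  RETURN NUMBER
IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
    INTO l_count;
  RETURN l_count;
END;
/
```

The first function is the pattern the editor is looking for: a string built from a parameter and handed to `EXECUTE IMMEDIATE`. Where the query does not actually need to be dynamic, plain static SQL inside the PL/SQL block is simpler still and sidesteps the problem entirely; reserve `EXECUTE IMMEDIATE` plus `USING` for the cases that truly vary at run time, and `DBMS_ASSERT` for the rare case where the varying part is an identifier.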

I don’t like this.

You can turn it off then.

This feature will continue to be enhanced. Please send us your code samples if you feel it’s catching false positives.